Authorities in the US have charged two “swatters” for using hacked Ring cameras to livestream the law enforcement’s response to swatting-related calls.
According to the US Attorney’s Office, a Racine, Wisconsin resident, Kya Christian Nelson, and Andrew McCarty from Charlotte, North Carolina, have been charged by federal prosecutors for their alleged involvement in swatting attacks.
The duo targeted over a dozen owners of compromised Ring home security cameras. Furthermore, the suspects exploited the hacked cams to livestream the law enforcement’s response on social media.
It is worth noting that, in December 2020, as reported by Hackread.com, the FBI issued a warning related to swatting attacks in which hackers were using compromised smart home devices to live-stream swatting attacks.
Charging Details
Reportedly, Nelson, 21, who used the alias ChumLul, and McCarty, aka Aspertaine, 20, have been charged in Los Angeles federal court with one count of conspiring to gain intentional access to computers without authorization.
Nelson is charged with two counts of unauthorized, intentional access to computers and two counts of aggravated identity theft.
The attacks, according to authorities, occurred in Flat Rock, Michigan; Redding, California; Billings, Montana; Decatur, Georgia; Chesapeake, Virginia; Rosenberg, Texas; Oxnard, California; Darien, Illinois; Huntsville, Alabama; North Port, Florida; and Katy, Texas.
Per the police, the two suspects were aided by a third man who obtained the login credentials of victims’ Yahoo accounts and identified if they owned a Ring doorbell camera. How they got Yahoo credentials is yet unclear. It is quite possible that these credentials were obtained from a hacker forum or extracted from publicly leaked databases.
How did The Attack work?
Per the indictment filed in the Central District of California on Friday, the suspects had access to twelve Ring cams, which they compromised by hacking the Yahoo Mail accounts of camera owners.
Starting on 7 November 2020, the duo made hoax emergency calls to the local police departments, telling them that the owners intended to initiate an armed response, aka swatting. In one instance, an emergency call was made to West Covina, California’s local police, on 8 November.
The caller claimed to be a minor and informed the police that her parents were busy drinking and shooting guns inside their home. When the cops reached the residence, Nelson accessed the hacked Ring doorbell, hurled verbal threats, and taunted the cops. Similarly, they carried out eleven more swatting attacks during the same week.
“Defendants Nelson and McCarty would access without authorization the victims’ Ring devices and thereafter transmit the audio and video from those devices on social media during the police response”, prosecutors said in a press release.
In another November indictment filed in the District of Arizona, McCarty participated in swatting attacks on eighteen individuals. None of the defendants has entered a plea as yet. The accused would get up to five years in federal prison if convicted.